Privacy Policy

Last Updated: December 7, 2025

Introduction

GiveBAC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services, including our virtual card program powered by Stripe Issuing.

Information We Collect

Personal Information

  • Account Information: Name, email address, phone number, date of birth
  • Identity Verification: Government-issued ID, Social Security Number (for KYC/AML compliance)
  • Financial Information: Bank account details, payment method information
  • Contact Information: Billing address, shipping address

Card and Transaction Information

  • Virtual Card Data: Card number, expiration date, CVV (encrypted and tokenized)
  • Transaction Details: Merchant name, purchase amount, location, timestamp
  • Donation Records: Round-up amounts, selected charities, donation history

Automatically Collected Information

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: App interactions, features used, session duration
  • Location Data: IP address, approximate location (if permitted)
  • Log Data: Access times, pages viewed, app crashes

How We Use Your Information

  • Provide Services: Process transactions, manage your virtual card, facilitate donations
  • Compliance: Verify identity (KYC), prevent fraud, comply with legal obligations
  • Communication: Send transaction notifications, donation receipts, account updates
  • Improve Services: Analyze usage patterns, develop new features, enhance user experience
  • Security: Detect and prevent fraud, unauthorized access, and illegal activities
  • Customer Support: Respond to inquiries, resolve issues, provide assistance

Information Sharing and Disclosure

Third-Party Service Providers

Stripe, Inc. (Card Issuer & Payment Processor)

We partner with Stripe for virtual card issuance and payment processing. Stripe receives your financial information, transaction data, and identity verification documents. Stripe is PCI DSS Level 1 certified and complies with strict security standards.

View Stripe's Privacy Policy: https://stripe.com/privacy

We may also share information with:

  • Charitable Organizations: Donation amounts, donor count (anonymized aggregate data only)
  • Cloud Service Providers: AWS, Google Cloud for hosting and data storage
  • Analytics Providers: Usage statistics and app performance (anonymized)
  • Legal Authorities: When required by law or to protect rights and safety

Data Security

We implement industry-standard security measures:

  • Encryption: All data transmitted using TLS/SSL encryption (256-bit)
  • Tokenization: Card numbers are tokenized and never stored in plain text
  • PCI DSS Compliance: We follow Payment Card Industry Data Security Standards
  • Access Controls: Strict employee access limitations, multi-factor authentication
  • Regular Audits: Security assessments and penetration testing
  • Data Minimization: We only collect necessary information

Your Rights and Choices

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Receive your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications
  • Limit Processing: Restrict how we use your data

Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Active Accounts: Duration of your account plus 7 years for financial records
  • Transaction Records: Minimum 7 years for tax and regulatory compliance
  • Deleted Accounts: Personal data deleted within 90 days (except legally required records)

Children's Privacy

GiveBAC is not intended for users under 18 years of age. We do not knowingly collect information from minors. If you believe we have collected information from a child, please contact us immediately.

International Users

Your information may be transferred to and processed in the United States. By using GiveBAC, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or app notification. Your continued use of GiveBAC after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

GiveBAC Privacy Team

Email: [email protected]

Address: [Your Business Address]

We will respond to privacy requests within 30 days.

GDPR & CCPA Compliance: This Privacy Policy complies with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Users in applicable jurisdictions have additional rights under these laws.